Consider a scenario: you have two AWS accounts, dev & prod. You need an IAM user in dev to be able to access resources in prod. This article explains a simple 3-step approach to accomplishing this.
Step 1: Create an IAM Role in Prod
Log in to prod as a privileged user & create an IAM role with the permissions that the dev user should have when they assume this role.
Step 2: Allow Dev User to Assume the Prod Role
Next, log out of prod, log in to dev as a privileged user & apply an inline policy to the IAM user that should be able to access prod resources.
Provide the ARN of the prod role in the resources section of the policy.
Step 3: Switch Role from Dev to Prod
Next, log out, log in to dev as the IAM user & switch role to start accessing prod resources.
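The two policy documents behind steps 1 and 2, built and cross-checked in Python, as an added example that is not part of the original article. The account IDs, user name and role name are constructed placeholders, and `review` is a hypothetical helper that flags a trust policy or user policy scoped wider than the single user-to-role pairing the steps describe.

```python
import json

# Constructed placeholder values, not taken from the article.
DEV_ACCOUNT, PROD_ACCOUNT = "111111111111", "222222222222"
USER_ARN = f"arn:aws:iam::{DEV_ACCOUNT}:user/dev-user"          # hypothetical user
ROLE_ARN = f"arn:aws:iam::{PROD_ACCOUNT}:role/prod-access-role"  # hypothetical role


def trust_policy(principal):
    """Step 1: trust policy attached to the prod role (who may assume it)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"AWS": principal},
        "Action": "sts:AssumeRole"}]}


def user_policy(resource):
    """Step 2: inline policy on the dev user; Resource is the prod role ARN."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": resource}]}


def as_list(value):
    return value if isinstance(value, list) else [value]


def review(trust, inline, user_arn=USER_ARN, role_arn=ROLE_ARN):
    """Return findings; an empty list means both halves match and are scoped."""
    findings = []
    account = user_arn.split(":")[4]
    whole_account = {account, f"arn:aws:iam::{account}:root"}
    principals = []
    for stmt in trust["Statement"]:
        p = stmt["Principal"]
        principals += ["*"] if p == "*" else as_list(p.get("AWS", []))
    resources = [r for s in inline["Statement"] for r in as_list(s["Resource"])]
    if "*" in principals:
        findings.append("trust policy lets any AWS principal assume the role")
    elif whole_account & set(principals):
        findings.append("trust policy trusts the whole dev account, not just the dev user")
    elif user_arn not in principals:
        findings.append("trust policy does not name the dev user")
    if "*" in resources:
        findings.append("user policy allows assuming any role, not only the prod role")
    elif role_arn not in resources:
        findings.append("user policy does not list the prod role ARN")
    return findings


if __name__ == "__main__":
    print(json.dumps(trust_policy(USER_ARN), indent=2))
    print(json.dumps(user_policy(ROLE_ARN), indent=2))
    print(review(trust_policy(USER_ARN), user_policy(ROLE_ARN)))
```

Outside the console, step 3 corresponds to `aws sts assume-role --role-arn <prod role ARN> --role-session-name <name>` run with the dev user's credentials.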